A method for replacing an existing key derivation key in a utility meter arranged in a meter communication infrastructure in a secure way. The method provide a secure mechanism for exchange of symmetric keys without the need for transferring keys across the meter communication infrastructure. From the head-end system to the utility meter is transmitted a command data message comprising a request for replacing the existing key derivation key with the new key derivation key, the key-generation information and a activation key or an authentication code calculated based on the activation key. The utility meter receiving the command data message is arranged to derive the new key derivation key based on a copy of a disaster recovery key stored in the utility meter and on the key-generation information comprised in the received command data message. Further, the utility meter is arranged for deriving a activation key from the new key derivation key. The activation key is used for verifying the command data message. If the command data message is verified the existing key derivation key is replaced by a new key derivation key.
Legal claims defining the scope of protection, as filed with the USPTO.
2. The method according to claim 1, wherein the server side disaster recovery key is stored in a secure environment.
3. The method according to claim 1, wherein the new derivation key at the server side is derived in the secure environment before being transferred to the head-end system or key management system.
4. The method according to claim 1, wherein the disaster recovery key for use at the server side is stored in a secure environment in form of a hardware security module.
6. The utility meter according to claim 5, further being arranged for secure communication with the head-end system using application keys derived in the utility meter using the key derivation key.
8. The meter communication infrastructure according to claim 7, wherein the server side further is configured for acquiring existing key-generation information about the existing key derivation key from the utility meter and deriving the key-generation information for the new key derivation key on at least the acquired existing key-generation information.
10. The meter communication infrastructure according to claim 9, wherein the secure environment used for storing the disaster recovery key protected by a hardware security module.
11. The meter communication infrastructure according to claim 7, wherein the utility meter is a utility meter according to claim 5 and the meter communication infrastructure is arranged to perform the method of claim 1.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
May 14, 2021
March 28, 2023
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.